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REMARKS 

Prior to entry of this amendment, Claims 1-20 were pending in this application, 
with all claims standing rejected. No claims are canceled and Claim 21 is added. Hence, 
Claims 1-21 are presently pending in this application. 

SUMMARY OF OFFICE ACTION 
Claims 3, 4, 6, 7, 16 and 17 were rejected under 35 U.S.C. §112, second 

paragraph, as allegedly indefinite. The Office Action alleges that the meaning of "MIB" 

is unclear in the term "MIB Views". 

Claim 13 was rejected under 35 U.S.C. §112, second paragraph, as allegedly 

indefinite. The Office Action alleges that the meaning of "'find first' fimction" is 

unclear. 

Claims 1, 2, 9, 10, 14, 15, 19 and 20 were rejected under 35 U.S.C. §103(a) as 
allegedly unpatentable over Schneider et al. Schneider'' \ U.S. Pat. No. 6,785,728) in 
view of Paulsen et al. ("Paulsen'"; U.S. Pat. No. 6,055,575); Claims 3 and 16 were 
rejected under 35 U.S.C. § 103(a) as allegedly unpatentable over Schneider in view of 
Paulsen, in further view of RFC 2571, "An Architecture for Describing SNMP 
Management Frameworks", written by D. Harrington ("Harrington"); Claims 4, 8, 1 1 
and 17 were rejected under 35 U.S.C. § 103(a) as allegedly unpatentable over Schneider 
in view of Paulsen, in further view of RFC 2575, "View-based Access Control Model for 
the Simple Network Management Protocol", written by B. Wijnen ("Wijnen''); Claims 5, 
12 and 18 were rejected under 35 U.S.C. §103(a) as allegedly unpatentable over 
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Schneider in view of Paulsen, in further view of Luciani et al. {''Lucianr; U.S. Pat. No. 
6,614,791); and Claims 6, 7 and 13 were rejected under 35 U.S.C. §103(a) as allegedly 
unpatentable over Schneider in view of Paulsen, in further view of Kekic et al. (''Kekic''; 
U.S. Pat. No. 6,664,978). 

Claims 6 and 7 were objected to because of typographical errors. 

CLAIM OBJECTIONS 
Claims 6 and 7 are amended to correct typographical errors, by replacing with 

66. 

REJECTIONS NOT BASED ON PRIOR ART 

Rejections under 35 U.S.C. §112, second paragraph 

Claims 3, 4, 6, 7, 16 and 17 were rejected based on the allegation that the meaning 
of "MIB" is unclear in the term "MIB Views". "MIB" is a well-known acronym, in the 
field of network management, for "Management Information Base." As described at 
page 15, lines 12 and 13, of the Specification, a "Management Information Base (MIB) is 
a collection of Managed Objects. . .". Hence, one skilled in the art of network 
management certainly understands the meaning of the term "MIB" based on knowledge 
of tools used in the art and/or the Specification. 

However, to eliminate any uncertainty as to the meaning of the acronym "MIB", 
Claims 3, 4, 6, 7, 16 and 17 are amended to include the complete term to which "MIB" 
refers. That is, these claims are amended to include the term "Management Information 
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Base" to further describe the term "MIB". The rejection of Claims 3, 4, 6, 7, 16 and 17 
under 35 U.S.C. §112, second paragraph, is now moot. 

Claim 13 was rejected based on the allegation that the meaning of "'find first' 
function" is unclear. Claim 13 is amended to remove the term "'find first' function". 
The rejection of Claim 13 under 35 U.S.C. §1 12, second paragraph, is now moot. 

REJECTIONS BASED ON PRIOR ART 
Rejections under 35 U.S.C. $103(a) 

(n Claims L 2. 9. 10. 14. 15, 19 and 20 

The Office Action rejected Claims 1, 2, 9, 10, 14, 15, 19 and 20 under 35 U.S.C. 
§ 103(a) as allegedly unpatentable over Schneider in view oi Paulsen. This rejection is 
traversed. 

The Office Action did not establish a prima facie case of obviousness with respect 
to Claims 1, 2, 9, 10, 14, 15, 19 and 20 because the cited references do not teach or 
suggest each and every feature recited in these claims, as discussed hereafter. 

(A) The Schneider reference 

The Office Action relies on part of a description of FIG. 1 in Schneider for the 
teaching of the feature "receiving a request to carry out a management protocol 
operation." Reliance on the cited passage of Schneider for such a teaching is unfoimded. 
FIG. 1, and the associated description, generally describes a virtual private network 
(VPN) between two network endpoints, i.e., a requestor and a server. The requestor and 
the server communicate over the VPN using "one of the standard TCP/IP protocols." 
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The cited passage of Schneider teaches nothing about network management using 
a management protocol Hence, Schneider could not possibly teach or suggest receiving 
a management protocol operation request. The mere reference to a VPN between a client 
and a server does not meet the standard required of a reference for teaching a feature of a 
patent claim and, therefore, does not meet the standard required for a prima facie 
obviousness rejection. 

Further, the mention of the TCP/IP protocol does not refer to a management 
protocol. Network transmission protocols, such as TCP, and network management 
protocols, such as SNMP (Simple Network Management Protocol), are different and 
serve different purposes. Claim 1 specifically recites the use of a management protocol 
not the use of a transmission protocol Albeit, management protocols (e.g., SNMP) and 
other application layers typically operate on top of a transmission protocol (e.g., TCP/IP), 
but a mere reference to TCP/IP is not a teaching of "receiving a request to carry out a 
management protocol operation ." 

The Office Action relies on a description of access policies and administrative 
policies, in Schneider, for the teaching of the feature "identifying, among a plurality of 
managed objects , a subset of objects that requests associated with the virtual private 
network are permitted to access The administrative policies are defined in terms of 
sets of administrative users and objects. However, Schneider does not describe access to 
"managed objects", as the term is commonly used in the field of network management 
and described in the Specification. 

For example, as described in the Specification at page 3, lines 20-22, information 
in an SNMP-enabled device is stored in the form of a plurality of Managed Objects that 
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are arranged in an object tree, and each object has one or more corresponding object 
instances. "Managed Objects" and "MIBs" are further described at page 15, lines 4-14, 
with the following example: a list of currently active TCP circuits in a particular host 
computer is a Managed Object, and a Management Information Base (MIB) is a 
collection of Managed Objects. Therefore, the term "managed objects" should be 
interpreted in the context of network management managed objects , such as Managed 
Objects associated with an SNMP-managed network device, for example, a network 
router. 

(B) The Paulsen reference 

The Office Action rehes on a description of a method for estabhshing, and 
communicating data over, a VPN, in Paulsen, for the teaching of the feature "determining 
an identifier of a virtual private network in the request." Reliance on the cited passage of 
Paulsen for such a teaching is unfounded. The cited passage of Paulsen describes what is 
a typical challenge/response communication associated with an authentication phase in 
establishing a virtual private network (VPN). 

However, the cited passage of Paulsen teaches nothing about the use of a VPN 
identifier in a management protocol operation request . The mere reference to a VPN 
authentication phase between a client and a server does not meet the standard required of 
a reference for teaching a feature of a patent claim and, therefore, does not meet the 
standard required for a prima facie obviousness rejection. 

Examination of patent claims requires that a claim be examined in its entirety, as 
a whole. It is well-settled law that "[i]t is impermissible to use the claimed invention as 
an instruction manual or ^template' to piece together the teachings of the prior art so that 
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the claimed invention is rendered obvious" and that "[o]ne cannot use hindsight 
reconstruction to pick and choose among isolated disclosures in the prior art to deprecate 
the claimed invention." In re Fritch , 972 F.2d 1260 (Fed. Cir. 1992), quoting //i rg Fine, 
837 F.2d 1071, 1075 (Fed. Cir. 1988). 

It appears that the Office Action is not examining Claim 1 as a whole, and uses 
the embodiment of Claim 1 as a template to piece together alleged teachings of the prior 
art to render Claim 1 obvious. When interpreted as a whole. Claim 1 recites, inter alia, a 
method in which a particular VPN is identified from a management protocol operation 
request so that a subset of managed objects, which requests associated with that particular 
VPN are permitted to access, can be identified . Consequently, access to managed objects 
on a network device can be controlled in a secure manner. This secure access is provided 
by limiting access to only the managed objects, on a device that may be participating in 
multiple VPNs, that are associated with the particular VPN. 

As discussed, Schneider and Paulsen, independently or in combination, do not 
teach or suggest all of the features of the embodiment recited in Claim 1. Specifically, 
the cited references do not teach anv use of a VPN identifier within a network 
management protocol operation request, for controlling access of network management 
requests . For at least the foregoing reasons. Claim 1 is patentable over the cited 
references of record. 

Independent Claim 9 recites some features that are similar enough to Claim 1 that 
the arguments presented herein in reference to Claim 1 also apply to Claim 9. Generally, 
Claim 9 recites the use of a VPN identifier in a management protocol operation request . 
More specifically, Claim 9 recites use of a VPN identifier, embodied in a securitv name 
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value within a network management protocol operation request, for matching with an 
associated MIB view that corresponds with the operation, for managing the processing of 
such operations on managed objects in the MIB . The cited references do not teach any 
use of a VPN identifier within a network management protocol operation request. 
Therefore, Claim 9 is patentable over the cited references. 

Independent Claims 14, 19 and 20 recite similar features to those recited in Claim 
1, in different valid claim formats. Hence, the arguments presented herein in reference to 
Claim 1 also apply to Claims 14, 19 and 20. Therefore, these claims are patentable over 
the cited references of record. 

Dependent claims 2, 10 and 15 depend either directly or indirectly from Claims 1, 
9 and 14, respectively. Therefore, these claims are patentable over Schneider and 
Paulsen for at least the same reasons as the claims from which these claims depend. 

(2) Claims 3 and 16 

Claims 3 and 16 were rejected under 35 U.S.C. § 103(a) as allegedly unpatentable 
over Schneider in view of Paulsen, in ftirther view of Harrington. This rejection is 
traversed. 

Dependent Claims 3 and 16 depend from Claims 1 and 14, respectively. The 
Office Action again relies on Schneider and Paulsen for a teaching of the features of 
Claims 1 and 14. However, the cited references do not meet the standard for estabhshing 
a prima facie case of obviousness with respect to Claims 3 and 16 because the cited 
references do not teach or suggest each and every feature recited in these claims, as 
discussed herein primarily in reference to Claim 1. Furthermore, Harrington does not 
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cure the deficiencies in the teachings of Schneider and Paulsen. Therefore, Claims 3 and 
16 are patentable over Schneider, Paulsen, and Harrington for at least the same reasons 
as the claims from which these claims depend. 

Li addition, Claims 3 and 16 recite additional features that are not taught or 
suggested in the cited references. For example, Harrington does not teach ma pping VPN 
identifiers to views of subsets of managed objects by associating, in entries in a view- 
based access control model (VACM). SNMPv3 securitvName values to corresponding 
MIB Views , as recited in Claims 3 and 16. Rather, the cited passage of Harrington 
merely and generally describes the use of securitvName values to represent principals , on 
whose behalf SNMP services are provided or processing takes place. Harrington does 
not come close to describing the specific use of securitvName values to identify a VPN, 
from which a subset of corresponding managed objects are identified, as in the 
embodiment recited in Claims 3 and 16 and summarized above. 

(3) Claims 4, 8, 11 and 17 

Claims 4, 8, 1 1 and 17 were rejected xmder 35 U.S.C. § 103(a) as allegedly 
unpatentable over Schneider in view of Paulsen, in fiirther view of Wijnen. This 
rejection is traversed. 

Dependent Claims 4, 8, 1 1 and 17 depend directly or indirectly from Claims 1, 9 
or 14. The Office Action again relies on Schneider and Paulsen for a teaching of the 
features of Claims 1, 9 and 14. However, the cited references do not meet the standard 
for establishing a prima facie case of obviousness with respect to Claims 4, 8, 1 1 and 17 
because the cited references do not teach or suggest each and every feature recited in 
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these claims, as discussed herein primarily in reference to Claim 1 . Furthermore, Wijnen 
does not cure the deficiencies in the teachings of Schneider and Paulsen, Therefore, 
Claims 4, 8, 1 1 and 17 are patentable over Schneider, Paulsen, and Wijnen for at least the 
same reasons as the claims from which these claims depend. 

In addition, Claims 4, 8, 1 1 and 17 recite additional features that are not taught or 
suggested in the cited references. For example, Wijnen does not teach associating VPN 
identifiers with SNMPv3 securitvName values, in entries in a view-based access control 
model (VACM) that associates securitvName values to corresponding MIB Views , as 
recited in Claims 4 and 17. Rather, the cited passage of Wijnen generally describes the 
use of MIB Views in relation to access rights, and access policies in the context of the 
VACM. Wijnen does not describe the specific use of V ACM and securityName values to 
identify a VPN, as in the embodiment recited in Claims 4 and 17 and summarized above. 

(4) Claims 5, 12 and 18 

Claims 5, 12 and 18 were rejected under 35 U.S.C. §103(a) as allegedly 
unpatentable over Schneider in view of Paulsen, in further view of Luciani. This 
rejection is traversed. 

Dependent Claims 5, 12 and 18 depend directly or indirectly from Claims 1, 9 or 
14, respectively. The Office Action again relies on Schneider and Paulsen for a teaching 
of the features of Claims 1, 9 and 14. However, the cited references do not meet the 
standard for establishing a prima facie case of obviousness with respect to Claims 5, 12 
and 18 because the cited references do not teach or suggest each and every feature recited 
in these claims, as discussed herein primarily in reference to Claim 1. Furthermore, 
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Luciani does not cure the deficiencies in the teachings oi Schneider and Paulsen, 
Therefore, Claims 5, 12 and 18 are patentable over Schneider, Paulsen, and Luciani for at 
least the same reasons as the claims from which these claims depend. 

Li addition, Claims 5, 12 and 18 recite additional features that are not taught or 
suggested in the cited references. For example, Luciani does not teach identifying a MIB 
variable referenced in the request, and determining whether the management protocol 
operation of the request is allowed for the variable based on one or more views 
referenced in a mapping of VPNs to corresponding views of subsets of managed objects , 
as recited in Claims 5, 12 and 18. Rather, the cited passage of Luciani describes 
identifying a VPN fi-om a packet, for adding/deleting a VPN fi"om a MPOA/NHRP 
network . 

(5) Claims 6, 7 and 13 

Claims 6, 7 and 13 were rejected under 35 U.S.C. § 103(a) as allegedly 
unpatentable over Schneider in view of Paulsen, in further view of Kekic, This rejection 
is traversed. 

Dependent Claims 6, 7 and 13 depend directly or indirectly from Claims 1 or 9. 
The Office Action again relies on Schneider and Paulsen for a teaching of the features of 
Claims 1 and 9. However, the cited references do not meet the standard for establishing a 
prima facie case of obviousness with respect to Claims 6, 7 and 13 because the cited 
references do not teach or suggest each and every feature recited in these claims, as 
discussed herein primarily in reference to Claim 1 . Furthermore, Kekic does not cure the 
deficiencies in the teachings of Schneider and Paulsen. Therefore, Claims 6, 7 and 13 are 
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patentable over Schneider, Paulsen, and Kekic for at least the same reasons as the claims 
from which these claims depend. 

NEW CLAIM 

New Claims 21 is added to claim an embodiment of the invention described in the 
application as filed. No new matter is introduced in the application by way of these new 
claims. 

In view of the distinctions between the cited references and the original claims as 
presented above, the features recited in Claim 21 are not disclosed, suggested or 
motivated by the cited references. Hence, Claim 21 is patentable over the cited 
references of record. 



CONCLUSION 

For at least the reasons indicated above, Applicants submit that all of the pending 
claims (1-21) present patentable subject matter over the references of record, and are in 
condition for allowance. Therefore, Applicants respectfiiUy request that a timely Notice 
of Allowance be issued in this case. If the Examiner has questions regarding this case, 
the Examiner is invited to contact Applicant's undersigned representative. 
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To the extent necessary, a petition for an extension of time under 37 C.F.R. 
§1.136 is hereby made. Please charge any shortages in fees due in connection with the 
filing of this paper, including extension of time fees, or credit any overages to Deposit 
Account No. 50-1302. 

RespectfiiUy Submitted, 



HICKMAN PALERMO TRUONG & 
BECKER LLP 



Date: / /c/oC ^^ ^r^^^Q r^LjXuA^ 

' ' Jq^'D. Henkhaus 

Reg. No. 42,656 

(408) 414-1080 
Fax: (408) 414-1076 
1600 Willow Street 
San Jose, CA 95125-5106 
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